Ejemplo n.º 1
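        /// <summary>
        /// Updates an existing user's information or, for callers that hold none of the
        /// Tenant, Manager or Admin roles, creates a new tenant account.
        /// </summary>
        /// <param name="userInfo">User data supplied by the caller; treated as untrusted.</param>
        /// <returns>
        /// The updated or newly created user wrapped in an <see cref="ObjectResult"/>,
        /// or an error result built with <c>DTO.ErrorBuilder</c>.
        /// </returns>
        public async Task<IActionResult> SetUserInfo(DTO.UserDTO userInfo)
        {
            // A missing or unbindable body would otherwise surface as a NullReferenceException.
            if (userInfo == null)
            {
                return new DTO.ErrorBuilder()
                       .Message("User information is required.")
                       .Code(400)
                       .Build();
            }

            // When user already logged in...
            var isTenant = this.UserInRole(Role.Tenant);
            if (isTenant || this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin))
            {
                if (isTenant)
                {
                    // Ensure a tenant cannot update information for another user.
                    userInfo.UserId = this.UserIdFromApiKey();

                    // Pin the account type as well: the DTO is caller-controlled, so without this
                    // a tenant could submit a different UserAccountType for their own account.
                    // Whether UpdateUserInfo persists that field is not visible here; confirm.
                    userInfo.UserAccountType = UserAccountType.Tenant;
                }

                // NOTE(review): a Manager can submit any UserId and any UserAccountType here,
                // including Admin. If managers must not edit or create Admin accounts, that
                // check has to be made against the stored account, not only the submitted DTO.
                var updatedUser = await _userRepository.UpdateUserInfo(userInfo);

                if (updatedUser == null)
                {
                    return new DTO.ErrorBuilder()
                           .Message("User already exists with that login information or user not found.")
                           .Code(409)
                           .Build();
                }

                // NOTE(review): the account-creation path below masks Password before returning,
                // this path does not. If the object returned by UpdateUserInfo carries a password
                // or hash, mask or drop it before serialising the response.
                return new ObjectResult(updatedUser);
            }

            // Caller holds none of the known roles: self-registration, always as a tenant.
            userInfo.UserAccountType = UserAccountType.Tenant;
            var newUser = await _userRepository.TryCreateAccount(userInfo);

            if (newUser == null)
            {
                return new DTO.ErrorBuilder()
                       .Message("Unable to create account, tenant information not found or already exists.")
                       .Code(404)
                       .Build();
            }

            // Never echo the stored password back to the client.
            newUser.Password = "******";
            return new ObjectResult(newUser);
        }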
Ejemplo n.º 2
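        /// <summary>
        /// Updates a user account on behalf of a privileged caller.
        /// Tenants are rejected, and managers are rejected when the submitted account type is Admin.
        /// </summary>
        /// <param name="userInfo">User data supplied by the caller; treated as untrusted.</param>
        /// <returns>
        /// The updated user as a <c>DTO.UserDTO</c> wrapped in an <see cref="ObjectResult"/>,
        /// or an error result built with <c>DTO.ErrorBuilder</c>.
        /// </returns>
        public async Task<IActionResult> SetUserInfo(DTO.UserDTO userInfo)
        {
            // NOTE(review): authorization here is a deny-list. Any principal that is neither
            // Manager nor Tenant falls through to the update. Confirm that an [Authorize]
            // attribute or filter outside this block restricts who can reach the method.
            var isManager = this.HttpContext.User.IsInRole(Role.Manager);

            if (!isManager && this.HttpContext.User.IsInRole(Role.Tenant))
            {
                return new DTO.ErrorBuilder()
                       .Message("You do not have the proper authorization to edit user accounts.")
                       .Code(403)
                       .Build();
            }

            // A missing or unbindable body would otherwise surface as a NullReferenceException.
            if (userInfo == null)
            {
                return new DTO.ErrorBuilder()
                       .Message("User information is required.")
                       .Code(400)
                       .Build();
            }

            // NOTE(review): this compares the account type submitted by the caller, not the type
            // stored for the target UserId. The authorization decision should be based on the
            // stored account; that needs a repository lookup that is not visible in this block.
            if (isManager && userInfo.UserAccountType == UserAccountType.Admin)
            {
                return new DTO.ErrorBuilder()
                       .Message("You do not have the proper authorization to edit Admin user accounts.")
                       .Code(403)
                       .Build();
            }

            var user = await _userRepository.UpdateUserInfo(userInfo);

            // Presumably UpdateUserInfo returns null when the user is missing or the new login
            // data conflicts (TODO confirm against the repository); do not hand null to the DTO.
            if (user == null)
            {
                return new DTO.ErrorBuilder()
                       .Message("User already exists with that login information or user not found.")
                       .Code(409)
                       .Build();
            }

            return new ObjectResult(new DTO.UserDTO(user));
        }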